From 0eae19d3f3dec22d23bf6d8aed72be08961ac948 Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Mon, 25 Sep 2017 13:30:00 +0000
Subject: community/firejail: fix build for aarch64
---
 community/firejail/APKBUILD | 11 +++---
 community/firejail/aarch64.patch | 74 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+), 4 deletions(-)
 create mode 100644 community/firejail/aarch64.patch
(limited to 'community/firejail')
diff --git a/community/firejail/APKBUILD b/community/firejail/APKBUILD
index 1dc5adba45..ba303b4c8f 100644
--- a/community/firejail/APKBUILD
+++ b/community/firejail/APKBUILD
@@ -2,17 +2,19 @@
 # Maintainer: Stuart Cardall
 pkgname=firejail
 pkgver=0.9.50
-pkgrel=0
+pkgrel=1
 pkgdesc="Linux namespaces and seccomp-bpf sandbox"
 url="https://firejail.wordpress.com/"
-arch="all !aarch64"
+arch="all"
 license="GPL2"
 depends="bash"
 makedepends="linux-headers"
 checkdepends="expect"
 options="suid"
 subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch"
-source="$pkgname-$pkgver.tar.gz::https://github.com/netblue30/$pkgname/archive/$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/netblue30/$pkgname/archive/$pkgver.tar.gz
+ aarch64.patch
+ "
 builddir="$srcdir/$pkgname-$pkgver"
 
 prepare() {
@@ -55,4 +57,5 @@ package() {
 make DESTDIR="$pkgdir" install
 }
 
-sha512sums="350e32cf4766dbf42eea6639f895c6b9d0a7cafd3cbd4311f1faa0f56d7be8af30b93befdf0909c34e468bebe4fc5cc9f2023640bab062d6aa33e41446701d2f firejail-0.9.50.tar.gz"
+sha512sums="350e32cf4766dbf42eea6639f895c6b9d0a7cafd3cbd4311f1faa0f56d7be8af30b93befdf0909c34e468bebe4fc5cc9f2023640bab062d6aa33e41446701d2f firejail-0.9.50.tar.gz
+4f1aa9de49c84bb5860ae0e5df3e139afa430974dce8e4b796284f4c2ef8bac47c989c1d3fc9163bac7575fa79bb9aa04c2205247edd38520e4003f98516205c aarch64.patch"
diff --git a/community/firejail/aarch64.patch b/community/firejail/aarch64.patch
new file mode 100644
index 0000000000..bfb5f49a8d
--- /dev/null
+++ b/community/firejail/aarch64.patch
@@ -0,0 +1,74 @@
+From c3acf2d222589bf9d94cacfe180ab38fa46c9cb1 Mon Sep 17 00:00:00 2001
+From: Topi Miettinen
+Date: Sun, 10 Sep 2017 10:34:42 +0300
+Subject: [PATCH] Improve seccomp architecture support
+
+---
+ src/fseccomp/syscall.c | 6 ++++++
+ src/include/seccomp.h | 26 ++++++++++++++++++++++++++
+ 2 files changed, 32 insertions(+)
+
+diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c
+index d0692b2ef..69b6e5271 100644
+--- a/src/fseccomp/syscall.c
++++ b/src/fseccomp/syscall.c
+@@ -274,6 +274,9 @@ static const SyscallGroupList sysgroups[] = {
+ #ifdef SYS_vserver
+ "vserver"
+ #endif
++#if !defined(SYS__sysctl) && !defined(SYS_afs_syscall) && !defined(SYS_bdflush) && !defined(SYS_break) && !defined(SYS_create_module) && !defined(SYS_ftime) && !defined(SYS_get_kernel_syms) && !defined(SYS_getpmsg) && !defined(SYS_gtty) && !defined(SYS_lock) && !defined(SYS_mpx) && !defined(SYS_prof) && !defined(SYS_profil) && !defined(SYS_putpmsg) && !defined(SYS_query_module) && !defined(SYS_security) && !defined(SYS_sgetmask) && !defined(SYS_ssetmask) && !defined(SYS_stty) && !defined(SYS_sysfs) && !defined(SYS_tuxcall) && !defined(SYS_ulimit) && !defined(SYS_uselib) && !defined(SYS_ustat) && !defined(SYS_vserver)
++ "__dummy_syscall__" // workaround for arm64 which doesn't have any of above defined and empty syscall lists are not allowed
++#endif
+ },
+ { .name = "@privileged", .list =
+ "@clock,"
+@@ -334,6 +337,9 @@ static const SyscallGroupList sysgroups[] = {
+ #ifdef SYS_s390_mmio_write
+ "s390_mmio_write"
+ #endif
++#if !defined(SYS_ioperm) && !defined(SYS_iopl) && !defined(SYS_pciconfig_iobase) && !defined(SYS_pciconfig_read) && !defined(SYS_pciconfig_write) && !defined(SYS_s390_mmio_read) && !defined(SYS_s390_mmio_write)
++ "__dummy_syscall__" // workaround for s390x which doesn't have any of above defined and empty syscall lists are not allowed
++#endif
+ },
+ { .name = "@reboot", .list =
+ #ifdef SYS_kexec_load
+diff --git a/src/include/seccomp.h b/src/include/seccomp.h
+index 133b6ce72..b8bfce96b 100644
+--- a/src/include/seccomp.h
++++ b/src/include/seccomp.h
+@@ -149,9 +149,35 @@ struct seccomp_data {
+ # define ARCH_NR AUDIT_ARCH_S390
+ # define ARCH_32 AUDIT_ARCH_S390
+ # define ARCH_64 AUDIT_ARCH_S390X
++#elif defined(__sh64__) && __BYTE_ORDER == __BIG_ENDIAN
++# define ARCH_NR AUDIT_ARCH_SH64
++# define ARCH_32 AUDIT_ARCH_SH
++# define ARCH_64 AUDIT_ARCH_SH64
++#elif defined(__sh64__) && __BYTE_ORDER == __LITTLE_ENDIAN
++# define ARCH_NR AUDIT_ARCH_SHEL64
++# define ARCH_32 AUDIT_ARCH_SHEL
++# define ARCH_64 AUDIT_ARCH_SHEL64
++#elif defined(__sh__) && __BYTE_ORDER == __BIG_ENDIAN
++# define ARCH_NR AUDIT_ARCH_SH
++# define ARCH_32 AUDIT_ARCH_SH
++# define ARCH_64 AUDIT_ARCH_SH64
++#elif defined(__sh__) && __BYTE_ORDER == __LITTLE_ENDIAN
++# define ARCH_NR AUDIT_ARCH_SHEL
++# define ARCH_32 AUDIT_ARCH_SHEL
++# define ARCH_64 AUDIT_ARCH_SHEL64
++#elif defined(__sparc64__)
++# define ARCH_NR AUDIT_ARCH_SPARC64
++# define ARCH_32 AUDIT_ARCH_SPARC
++# define ARCH_64 AUDIT_ARCH_SPARC64
++#elif defined(__sparc__)
++# define ARCH_NR AUDIT_ARCH_SPARC
++# define ARCH_32 AUDIT_ARCH_SPARC
++# define ARCH_64 AUDIT_ARCH_SPARC64
+ #else
+ # warning "Platform does not support seccomp filter yet"
+ # define ARCH_NR 0
++# define ARCH_32 0
++# define ARCH_64 0
+ #endif
+
+ #define VALIDATE_ARCHITECTURE \
-- cgit v1.2.3
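Review bot: The `#else` fallback in src/include/seccomp.h still lets an unlisted architecture build with only a `#warning`, and the bundled patch extends that placeholder by defining `ARCH_32` and `ARCH_64` as 0 next to `ARCH_NR`. Because the APKBUILD in this commit switches to `arch="all"` for a package built with `options="suid"`, any target that lands in this branch would ship a filter whose architecture check compares against 0; the body of `VALIDATE_ARCHITECTURE` lies outside the hunk, so whether a mismatch fails open or closed should be confirmed before relying on it. If a placeholder filter is not acceptable, replace the warning with `# error "seccomp: unsupported architecture"` or have the build disable seccomp explicitly for that target. Separately, the `"__dummy_syscall__"` entries in src/fseccomp/syscall.c would benefit from a short comment at the name-lookup code (not visible here) stating that this name is expected to be unresolvable and how the parser treats it, since the long `#if !defined(...)` conditions must also be kept in step by hand with the `#ifdef` entries above them.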